Security Principles

The security principles provide high-level guidance for the design of system security. These principles are abstracted into 3 levels:

These principles impact Enterprise Security Architecture.

System Principles

  • Least Privilege
    • An entity should have the least privilege necessary to carry out its responsibilities, granted only for the minimum time needed.
  • Privilege Separation
    • Compartmentalisation of privileges.
  • Fail Safe Defaults
    • System defaults should be secure.
  • Complete Mediation
    • Every access to a resource should be checked to see whether it is allowed. This is an audit.
  • Least Common Mechanism
  • Minimise Attack Surface
  • Limit Trust